Microsoft Windows TrueType Font Parsing Flaw Lets Remote Users Execute Arbitrary Code
|
SecurityTracker Alert ID: 1026271 |
|
SecurityTracker URL: http://securitytracker.com/id/1026271
|
CVE Reference: CVE-2011-3402
|
Updated: Dec 13 2011
|
Original Entry Date: Nov 3 2011
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): XP SP3, 2003 SP2, Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1; and prior service packs
|
Description:
A vulnerability was reported in Microsoft Windows. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create a specially crafted document that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with kernel-level privileges.
The vulnerability resides in the Win32k.sys kernel driver in the parsing of TrueType fonts.
This vulnerability is being actively exploited by the Duqu malware.
CrySyS Lab reported this vulnerability.
|
Impact:
A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
|
Solution:
The vendor has issued the following fixes:
Windows XP Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?familyid=b01bb041-005c-48c4-a606-66aa264ba0fa
Windows XP Professional x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=0a872cd2-5f4d-400c-a1c4-a2d194746fb6
Windows Server 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=e84e6964-1580-41ef-9d3e-4d0c3ad4cb69
Windows Server 2003 x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=9d9f3667-3fd6-4948-83db-282783599f41
Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=1ecf72cd-6732-4cf3-aa22-8caf15ea633e
Windows Vista Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=7f69ec9d-43ad-4106-90ef-c191e7ec43af
Windows Vista x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=ae1f1f86-6f13-4e1e-9f93-4f70b6c9927e
Windows Server 2008 for 32-bit Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=c4ba344d-dd0d-4cfb-81d9-d364d7f37e25
Windows Server 2008 for x64-based Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=058963f6-9654-41d0-86d2-f25a0c2ad416
Windows Server 2008 for Itanium-based Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=42cd1c33-11a7-4a29-ae85-f7272a626f91
Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=0526727a-f2fb-4846-9b04-f1899f52f1f6
Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=cfd42c42-1595-419a-bf04-b23b64663629
Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=d64a31ca-cccd-488a-98fd-c059b9e9e1ea
Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=b46f6da7-6d24-4262-8e55-3b657db39813
A restart is required.
The Microsoft advisory is available at:
http://technet.microsoft.com/en-us/security/bulletin/ms11-087
|
Vendor URL: technet.microsoft.com/en-us/security/bulletin/ms11-087
|
Cause:
Not specified
|
Underlying OS:
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 03 Nov 2011 05:14:20 +0000
Subject: Microsoft Word
|
http://crysys.hu/
DUQU DROPPER RECOVERED!